PPPoE Service is one of the most popular services in MikroTik Router. It is used especially by local ISPs because of the simplicity of client connection. MikroTik PPPoE Service can authenticate and authorize users or clients from both the MikroTik local user database and a RADIUS user database. RADIUS Server provides an efficient way to manage user authentication, authorization and accounting. FreeRADIUS is a high performance RADIUS suite that provides user authentication, authorization and accounting for a number of network devices including MikroTik Router. So, by connecting MikroTik Router with freeRADIUS Server, PPPoE users can be managed efficiently. How to configure freeRADIUS server with MySQL database and how to configure user profiles with MySQL were discussed in my previous article. In this article, I will discuss how to configure MikroTik PPPoE Service and how to authenticate and authorize PPPoE users from freeRADIUS Server.
Network Diagram
To configure MikroTik PPPoE Service with freeRADIUS Server, I am following a network diagram like the below image.
In this network, MikroTik Router’s (RouterBOARD 1100 AHX2) WAN interface (ether1) is connected to internet through WAN distribution switch having IP address 192.168.40.8/25. MikroTik Router also has a LAN network having IP network 10.10.60.0/24. The freeRADIUS Server, installed on CentOS 7 Linux Server with MySQL Server, is also connected to internet through WAN switch having IP address 192.168.40.10. So, MikroTik Router can see freeRADIUS Server through WAN interface and WAN switch.
In this article, we will configure MikroTik PPPoE Server and connect with freeRADIUS Server to authenticate and authorize PPPoE users from freeRADIUS Server. So, design your MikroTik and freeRADIUS network according to the above network diagram and follow below sections to configure your MikroTik PPPoE network with freeRADIUS Server.
MikroTik PPPoE Server with freeRADIUS
We are now going to configure MikroTik PPPoE network with freeRADIUS Server. Complete configuration can be divided into the following 7 parts.
- MikroTik Router basic configuration
- MikroTik PPPoE Server configuration
- MikroTik IP Pool Configuration
- MikroTik Radius client configuration
- FreeRADIUS user profile configuration
- Adding MikroTik Router as a FreeRADIUS NAS device.
- Testing PPPoE user authentication and authorization
The following section will describe the above seven parts step by step.
Part 1: MikroTik Router Basic Configuration
MikroTik Router basic configuration includes assigning WAN IP, LAN IP, DNS IP and NAT and Routing Configuration. The following steps will show how to perform these topics in your MikroTik RouterOS.
- Login to your MikroTik Router using Winbox with full permission user such as admin user.
- Go to IP > Addresses menu item. Address List window will appear.
- Click on PLUS SIGN (+). New Address window will appear.
- Put RouterOS WAN IP (RouterOS WAN IP: 192.168.40.8/28) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and then click Apply and OK button.
- Again click on PLUS SIGN (+) and put LAN Gateway IP (LAN Gateway IP: 10.10.60.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click Apply and OK button.
- Now go to IP > DNS. DNS Settings window will appear. Put your DNS server IP (Public DNS IP: 8.8.8.8 or 8.8.4.4) in Servers input field and then click Apply and OK button.
- Go to IP > Routes. Route List window will appear. Click on PLUS SIGN (+). New Route window will appear. Click on Gateway input box and put your internet gateway IP (192.168.40.1) in this input field. Click on Apply and OK button.
- Go to IP > Firewall menu item and click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear.
- In General tab, choose srcnat from Chain dropdown menu and click Action tab and then choose masquerade from Action dropdown menu.
- Click on Apply and OK button.
MikroTik Router basic configuration has been completed. Now we will configure PPPoE Server in our MikroTik RouterOS.
Part 2: MikroTik PPPoE Server configuration
After completing basic RouterOS configuration, we will now configure PPPoE server in our MikroTik RouterOS. The following steps will show how to configure PPPoE server in MikroTik Router.
- Click on PPP menu item from Winbox left menu bar. PPP window will appear now.
- Click on PPPoE Servers tab and then click on PLUS SIGN (+). New Interface window will appear.
- Under General tab, put any PPPoE Server Interface name you want or keep the automatic name. Click Apply and OK button.
- Click on PPPoE Servers tab and then click on PLUS SIGN (+). New PPPoE Service window will appear.
- Put your PPPoE Server name in Service Name input box and then choose the interface on which you want to set up PPPoE Server (ether2) from Interface dropdown menu. Click Apply and OK button.
- Click on Profiles tab and then double click on Click on Local Address input field and put PPPoE Server’s IP Address (10.10.60.1) in this text field. Optionally, you can put DNS server for your PPPoE Client in DNS Server input box. If you want to allow only one connection per username and password, click on Limits tab and click on yes radio button from Only one panel. Click Apply and OK button.
- Now click on Secrets tab and then click on PPP Authentication and Accounting. PPP Authentication and Accounting window will appear. Click on Use Radius check box and then click on Apply and OK button.
PPPoE Server that will use freeRADIUS Server for user authentication has been configured. Now we will configure IP Pool from where PPPoE client will get IP address.
Part 3: MikroTik IP Pool Configuration
Now we will create three IP Pools (512k_pool, 1M_pool and 2M_pool) for three user profiles (512k_Profile, 1M_Profile and 2M_Profile). These user profiles will be created in freeRADIUS Server. The following steps will show how to create IP Pool in MikroTik Router.
- Go to IP > Pool menu and click on PLUS SIGN (+). New IP Pool window will appear.
- Put pool name 512k_pool in Name input field and put IP address range (10.10.60.2-10.10.60.254) in Addresses input field. Click Apply and OK button.
- Similarly create 1M_pool and 2M_pool and put address range 10.10.70.2-10.10.70.254 and 10.10.70.2-10.10.70.254 respectively.
MikroTik IP Pool configuration has been completed. Now we will configure MikroTik RADIUS client so that it can connect with the freeRADIUS Server.
Part 4: MikroTik Radius client configuration
By configuring Radius client, we tell MikroTik to connect with RADIUS Server and to query user authentication from RADIUS Server. The following steps will show how to configure Radius client in MikroTik RouterOS.
- Click on Radius menu item from left menu bar. Radius window will appear now.
- Click on PLUS SIGN (+). New Radius Server window will appear now.
- Click on ppp checkbox from Service panel.
- Put Radius Server IP address (192.168.40.10) in Address input field.
- Put Shared secret (Passkey@85) in Secret input field. The same secret has to be put in freeRADIUS Server’s client configuration.
- Click Apply and OK button.
Radius client configuration as well as the entire MikroTik PPPoE Server configuration to connect with freeRADIUS Server has been completed. The next step is to configure freeRADIUS user profile for MikroTik PPPoE Server.
Part 5: FreeRADIUS User Profile Configuration
In the previous article, I have discussed how to configure freeRADIUS user profile for MikroTik Router. In that article, I have created three user profiles (512k_Profile, 1M_Profile and 2M_Profile). I have also shown how to create user and assign their profile. So, no need to repeat here. If you are not familiar with freeRADIUS user profile, visit the article and complete user profile configuration. In the next part, I will show how to add MikroTik Router as a NAS device in freeRADIUS MySQL database.
Part 6: Adding MikroTik Router as a FreeRADIUS NAS device
In the previous article, I have shown how to create user profile and how to test user with radtest program. But I have not shown how to add a NAS device in MySQL database. So, the following step will show how to add a NAS device in freeRADIUS MySQL database.
- Login to MySQL database with the following command.
[root@freeradius ~]# mysql -uroot -pPasskey85 radius
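Don’t forget to use your own database username and password in the above command. If you give -p without a value, mysql prompts for the password instead of leaving it in the shell history.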
- Issue the following command to add MikroTik Router (192.168.40.8) as a NAS device.
MariaDB [radius]> insert into nas (nasname,shortname,type,ports,secret,server,community,description) values('192.168.40.8', 'mikrotik-client', 'other', NULL, 'Passkey@85', NULL, NULL, 'MikroTik Client Router');
- Logout from your database server with the quit command.
MariaDB [(none)]> quit
- Restart your freeRADIUS Server. Otherwise your freeRADIUS NAS information will not be updated.
[root@freeradius ~]# systemctl restart radiusd
Our MikroTik Router is now added as a NAS device and freeRADIUS is now ready to reply user request. Now we will test freeRADIUS user with MikroTik PPPoE Server.
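The shared secret entered in the Radius client in Part 4 and in the nas table in Part 6 must be byte-for-byte identical, because the router checks every reply against it. The following Python sketch is an added example, not part of the original article or of freeRADIUS or RouterOS; it computes the RFC 2865 Response Authenticator over a constructed Access-Accept and assumes the profile hands out its pool through the Framed-Pool attribute.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RADIUS code, RFC 2865
FRAMED_POOL = 88    # attribute number, RFC 2869 (assumed to carry the pool name)

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    """Server side: header, authenticator, then the attributes."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def nas_accepts(reply, request_auth, secret):
    """NAS side: recompute the authenticator with the local copy of the secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = response_authenticator(code, ident, reply[20:], request_auth, secret)
    return hmac.compare_digest(expected, reply[4:20])

# Constructed sample exchange; a real NAS sends 16 random bytes per request.
REQUEST_AUTH = bytes(range(16))
REPLY = build_reply(ACCESS_ACCEPT, 7, attr(FRAMED_POOL, b"512k_pool"),
                    REQUEST_AUTH, b"Passkey@85")

def demo():
    return {
        # Router and nas table hold the same secret: reply is accepted.
        "same_secret": nas_accepts(REPLY, REQUEST_AUTH, b"Passkey@85"),
        # One character missing on the router side: reply is discarded.
        "typo_secret": nas_accepts(REPLY, REQUEST_AUTH, b"Passkey85"),
        # Pool name altered in transit: authenticator no longer matches.
        "tampered": nas_accepts(REPLY[:-1] + b"X", REQUEST_AUTH, b"Passkey@85"),
    }

if __name__ == "__main__":
    print(demo())
```

A reply that fails this check is silently discarded, so a mistyped secret on either side shows up as a RADIUS timeout rather than as a rejected login.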
Part 7: Testing PPPoE User Authentication and Authorization
We are now ready to test freeRADIUS user profile with MikroTik PPPoE Server. Connect any PC to your MikroTik PPPoE network and configure PPPoE Client. In this article, I am showing the steps to configure PPPoE client on Windows 7. If you use different Operating System, search in Google to find the steps to configure PPPoE Client on that specific Operating System.
Microsoft PC dialer is used to connect with remote PPPoE Server. So, you have to configure Microsoft PC dialer in Windows 7 PC to get access to the internet through your MikroTik router. Follow the steps below to create a PPPoE connection in Windows 7 with the built-in PPPoE wizard.
- Connect an Ethernet cable to windows 7 PC from your network switch.
- Open Network and Sharing Center from Control Panel.
- Now click on Setup a new connection or network link under Change your networking settings area. Set Up a Connection or Network window will appear.
- In this window, click on Connect to the internet option and click the Next button. Connect to the Internet window will appear.
- Click on Broadband (PPPoE) option from this window and put username (such as: bob) and password that you have created in freeRADIUS user profile configuration. Optionally, you can change connection name in Connection name input field and you can also click on Remember this password option, otherwise you have to provide password every time you start your PC. Now click on If you provide correct username and password, The connection to the Internet is ready to use message will be shown. Now click on Close button. A dialer will be created in your Windows 7 PC and you can enter your credentials anytime to connect to the Internet with this dialer.
You are now connected to the internet with PPPoE dialer. Browse any site. I hope you will be successful to browse any site now.
Also check your MikroTik Router. You will find your logged in user information in Queues, Interfaces and PPP active connection area.
If you face any confusion in following the above steps, watch the below video about MikroTik PPPoE Server configuration with freeRADIUS. I hope it will clear up any confusion.
How to configure MikroTik PPPoE Server with freeRADIUS user profile has been discussed in this article. I hope you will be able to configure your MikroTik PPPoE Server with freeRADIUS Server. However, if you face any confusion, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you. In the next article, I will show how to manage MySQL Database graphically with phpmyadmin web interface tool. So, stay tuned with SystemZone.